
Last updated 16th Feb 2026
At Prava Payments, protecting your financial data is our highest priority. We have built our payment infrastructure to ensure sensitive card details remain private, secure, and compliant with the strictest industry standards.
PCI DSS Compliance
Prava Payments is a PCI DSS Level 2 Compliant Entity.
The Payment Card Industry Data Security Standard (PCI DSS) is a rigorous set of security protocols designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
As a PCI Level 2 entity, Prava Payments adheres to strict validation requirements, including:
Annual Self-Assessment Questionnaires (SAQ): Comprehensive audits of our security controls and policies.
Quarterly Network Scans: Performed by an Approved Scanning Vendor (ASV) to identify and remediate potential network vulnerabilities.
Regular Penetration Testing: Proactive testing of our systems to identify and strengthen our defenses against cyber threats.
Our Vault Architecture: Powered by Skyflow
We have partnered with Skyflow, a PCI DSS Level 1 Service Provider, to utilize their dedicated Data Privacy Vault. This architecture allows Prava Payments to handle transactions without ever directly storing your raw Primary Account Number (PAN) or CVV in our internal databases.
How We Protect Your Data
Isolation: When card details are entered, the data is encrypted and processed directly through the Skyflow Vault.
Tokenization: Sensitive card data is replaced with a unique, randomized token.
Processing: Prava Payments uses this secure token to facilitate transactions. This ensures that your original card number is not exposed to our application logs or general storage systems.
Technical Security Controls
Beyond our vault architecture, Prava Payments implements defense-in-depth strategies to secure our platform:
Encryption in Transit: All data transmitted between your browser, our servers, and our banking partners is encrypted using TLS 1.2+ (Transport Layer Security).
Polymorphic Encryption: Our vault provider utilizes advanced polymorphic encryption to ensure data is protected at rest and during computation.
Access Control: We enforce the Principle of Least Privilege. Only authorized processes have access to the tokens required to perform transactions, and access is strictly logged.
Cloud Security: Our infrastructure is hosted on top-tier cloud providers that maintain industry-standard security certifications (ISO 27001, SOC 2).
Reporting Security Issues
We value the contributions of the security research community. If you believe you have found a security vulnerability in Prava Payments, please contact us immediately.
Contact: support@prava.space
We ask that you do not publicly disclose any potential issues until we have had a reasonable amount of time to assess and address them.
